The Deadly Duo: Spam and Viruses, May 2006

Employee spam management accounts for up to 12.5 percent of lost time on the job, while false positives pose problems in business and personal matters alike.

When spam makes its way into the inbox of a business account, it can sap an employee’s time as they filter out unwanted messages. A "Spam Personality" survey conducted by anti-spam solutions firm Reflexion Network Solutions finds employees spend as much as one hour per day deleting spam. That’s 12.5 percent of lost time for a staffer who works 1,824 hours per year.

The survey also identifies the perils of false positives, which include job termination, broken relationships, missed flights and other embarrassing situations.

While spam often transmits malicious code through attachments or by tricking recipients into visiting a site that infects their computers, several security firms have identified a worm that infects computers when the email is opened in Yahoo Mail. The JS/Yamann-A or Yamanner JavaScript worm exploits a vulnerability in Yahoo’s mail and Web group services. While the worm was widely reported, its impact on users of the Web-based mail system was reported to be minimal.

"In this instance, Yahoo detected a worm on Monday morning (June 12), which impacted a very small fraction of Yahoo Mail users. We have taken steps to resolve the issue and protect our users from further attacks of this worm. The solution has been automatically distributed to all Yahoo Mail customers and requires no additional action on the part of the user," said Yahoo Spokesperson Kelley Podboy.

Further remarks from Podboy assured users of the Web mail client of continued support and improvement. "Yahoo continues to take a multi-faceted approach to protecting consumers against scams and online threats through the use of enhanced filtering and email authentication technologies, industry collaboration, public policy efforts, and increasing consumer awareness," she said.

Sophos said none of its users were affected by the worm. Sophos also broke the code on a ransomware Trojan known as Troj/Arhiveus-A or MayAlert. The malicious code is known to gather files from the "My Documents" folder and replace them with a ransom note demanding money, or in this case, that a user make a purchase from one of three online drugstores. The cracked 38-character password is "mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw", at least for this particular round of Arhiveus-A.

In May, viruses and worms accounted for just 12.3 percent of all malware, according to the security firm. Trojan horses accounted for 85.1 percent of threats. The long-in-circulation Netsky-P still tops the list of most circulated malware. The worm was first seen in March of 2004.

Top 10 Reported Malware, May 2006

| Position | Virus | Percentage of Reports |
|---|---|---|
| 1 | W32/Netsky-P | 16.7 |
| 2 | W32/Zafi-B | 11.4 |
| 3 | W32/Nyxem-D | 7.5 |
| 4 | W32/Mytob-AS | 6.3 |
| 5 (tie) | W32/Mytob-P | 5.3 |
| 5 (tie) | W32/Mytob-M | 5.3 |
| 6 | W32/Netsky-D | 3.7 |
| 7 | W32/MyDoom-O | 3.6 |
| 8 | W32/Mytob-FO | 2.9 |
| 9 | W32/Mytob-C | 2.1 |
| | Others | 35.2 |

Source: Sophos Plc., 2006

One in every 141 emails is virus-infected, down from one in every 38 emails counted in May of last year. "The proportion of virus infected email has dropped considerably over the last year as hackers have turned from mass-mailing attacks to targeted Trojan horses," said a statement issued by the company.

Top 10 Reported Hoaxes and Chain Letters, May 2006

| Position | Hoax | Percentage of Reports |
|---|---|---|
| 1 | Olympic torch | 18.6 |
| 2 | Hotmail hoax | 15.1 |
| 3 | Justice for Jamie | 4.8 |
| 4 | Bonsai kitten | 4.2 |
| 5 | Budweiser frogs screensaver | 4.1 |
| 6 | Meninas da Playboy | 3.8 |
| 7 | MSN is closing down | 3.0 |
| 8 | Bill Gates fortune | 2.8 |
| 9 | MySpace J_Neutron07 virus | 1.9 |
| 10 | WTC Survivor | 1.6 |
| | Others | 40.1 |

Source: Sophos Plc., 2006

Postini filtered 25 billion email messages last month, an increase of 13 percent over April message levels. A majority, 65 percent, were rejected at the network layer where DHA and DoS attacks.

Increased levels of email traffic and the large portion of mail being blocked outright by spam filters lead spammers to adopt new practices. "If every company has some sort of spam or virus filtering, the users are protected and can get their jobs done," said Andrew Lochart, senior director of marketing at Postini. "When it becomes that ubiquitous, the bad guys notice, they notice the URLs in spam messages don’t get clicked, phishing Web sites get removed by the ISPs in minutes instead of hours.

"They can increase the volume of garbage that gets sent out, or they can change their techniques for how that message is composed," said Lochart. One method that became prevalent over the past two years is to create a network of botnets, also known as zombies. More recently, spammers and distributors of malware have turned to attacks over instant messaging platforms.

Top Five Viruses, May 2006

| Virus Name | Quantity Blocked |
|---|---|
| MyTob variants | 5,206,192 |
| Netsky | 2,492,450 |
| Swen | 1,340,982 |
| Mydoom | 803,051 |
| Lovgate | 788,252 |

Source: Postini, 2006

While zombie networks aren’t new, CipherTrust saw a 21 percent jump in the number of new zombie machines in May. The company reports over 7.5 million new zombie computers were created worldwide. The induction of new zombie machines led to a 20 percent increase in overall email traffic. The month also saw an increase in randomized image-based stock spam messages. In these emails, spammers are using more challenging graphics-based messages to evade filters. While new zombie machines increase the volume of spam, the company’s research shows that the new image-based messages contribute to the rise in new zombie-infected computers.

"We believe there is a direct correlation between the rise of image-based spam attacks and the significant jump in the number of zombies and overall email traffic," said Dmitri Alperovitch, research engineer at CipherTrust, in a statement. "Spammers have come up with a new method of getting past many signature-based blocking systems and they are exploiting this and cranking out more spam in the last 30 days."

The Kaspersky Lab Online Scanner registered a handful of new threats, and the reappearance of two classics. Hidrag.a and Redlof.a are both widespread Trojans. The older worms take longer to spread but tend to infect a large number of machines and tend to have difficult removal procedures. The firm said that while the virus made the list of most distributed threats, it may not constitute a real threat.
